Struct webauthn_rs::WebauthnBuilder
pub struct WebauthnBuilder<'a> { /* private fields */ }
A constructor for a new Webauthn instance. This accepts and configures a number of site-wide properties that apply to all webauthn operations of this service.
Implementations
impl<'a> WebauthnBuilder<'a>
pub fn new(rp_id: &'a str, rp_origin: &'a Url) -> WebauthnResult<Self>
Initiate a new builder. This takes the relying party id and relying party origin.
Safety
rp_id is what Credentials (Authenticators) bind themselves to - rp_id can NOT be changed without breaking all of your users’ associated credentials in the future!
Examples
use webauthn_rs::prelude::*;
let rp_id = "example.com";
let rp_origin = Url::parse("https://idm.example.com")
    .expect("Invalid URL");
let mut builder = WebauthnBuilder::new(rp_id, &rp_origin)
    .expect("Invalid configuration");
Errors
rp_id must be an effective domain of rp_origin. This means that if you are hosting https://idm.example.com, rp_id must be idm.example.com, example.com or com.
use webauthn_rs::prelude::*;
let rp_id = "example.com";
let rp_origin = Url::parse("https://idm.different.com")
    .expect("Invalid URL");
assert!(WebauthnBuilder::new(rp_id, &rp_origin).is_err());
pub fn allow_subdomains(self, allow: bool) -> Self
Setting this flag to true allows subdomains to be considered valid in Webauthn operations.
An example of this is if you wish for https://au.idm.example.com to be a valid domain for Webauthn when the configuration is https://idm.example.com. Generally this occurs when you have a centralised IDM system, but location specific systems with DNS based redirection or routing.
If in doubt, do NOT change this value. Defaults to “false”.
pub fn allow_any_port(self, allow: bool) -> Self
Setting this flag to true skips port checks when matching origins.
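The rp_id rule under Errors and the allow_subdomains and allow_any_port flags above, modelled in std-only Rust as an added example; it is not webauthn-rs code and not part of the original documentation. The function names (is_effective_domain, split_origin, origin_allowed) are hypothetical, the sample origins are constructed, and the parser assumes origins shaped like scheme://dns-host[:port].

```rust
// Added illustration, std-only; not webauthn-rs source. Function names are hypothetical.
// Assumes origins shaped like scheme://dns-host[:port] (no IPv6 literals, no userinfo).

/// True if `rp_id` equals `host` or is a suffix of it on a label (dot) boundary.
fn is_effective_domain(rp_id: &str, host: &str) -> bool {
    let (rp_id, host) = (rp_id.to_ascii_lowercase(), host.to_ascii_lowercase());
    // A bare ends_with(rp_id) would wrongly accept "evilexample.com" for "example.com".
    !rp_id.is_empty() && (host == rp_id || host.ends_with(&format!(".{}", rp_id)))
}

/// Split an origin into (scheme, host, port), filling in the scheme's default port.
fn split_origin(origin: &str) -> Option<(String, String, u16)> {
    let (scheme, rest) = origin.split_once("://")?;
    let scheme = scheme.to_ascii_lowercase();
    let authority = rest.split('/').next()?;
    let (host, port) = match authority.rsplit_once(':') {
        Some((h, p)) => (h, p.parse::<u16>().ok()?),
        None => match scheme.as_str() {
            "https" => (authority, 443),
            "http" => (authority, 80),
            _ => return None,
        },
    };
    if host.is_empty() {
        return None;
    }
    Some((scheme, host.to_ascii_lowercase(), port))
}

/// Model of comparing a client-reported origin with the configured one under both flags.
fn origin_allowed(configured: &str, reported: &str, subdomains: bool, any_port: bool) -> bool {
    match (split_origin(configured), split_origin(reported)) {
        (Some((cs, ch, cp)), Some((rs, rh, rp))) => {
            let host_ok = rh == ch || (subdomains && is_effective_domain(&ch, &rh));
            cs == rs && host_ok && (any_port || cp == rp)
        }
        _ => false, // an origin that does not parse never matches
    }
}

fn main() {
    let cfg = "https://idm.example.com"; // constructed sample values throughout
    println!("{}", is_effective_domain("example.com", "idm.different.com")); // rejected rp_id
    println!("{}", origin_allowed(cfg, "https://au.idm.example.com", false, false));
    println!("{}", origin_allowed(cfg, "https://au.idm.example.com", true, false));
    println!("{}", origin_allowed(cfg, "https://idm.example.com:8443", false, true));
}
```

Both flags widen the set of origins that pass, and the scheme comparison stays strict in this model regardless of either flag.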
pub fn append_allowed_origin(self, origin: &Url) -> Self
Set extra origins to be considered valid in Webauthn operations. A common example of this is enabling use with iOS or Android native “webauthn-like” APIs, which return different app-specific origins than a web browser would.
pub fn rp_name(self, rp_name: &'a str) -> Self
Set the relying party name. This may be shown to the user. This value can be changed in the future without affecting credentials that have already registered.
If not set, defaults to rp_id.
pub fn danger_set_user_presence_only_security_keys(self, enable: bool) -> Self
Available on crate feature danger-user-presence-only-security-keys only.
Enable security keys to only require user presence, rather than enforcing their user-verification state.
Requires feature danger-user-presence-only-security-keys.
pub fn build(self) -> WebauthnResult<Webauthn>
Complete the construction of the Webauthn instance. If an invalid configuration setting is found, an Error will be returned.
Examples
use webauthn_rs::prelude::*;
let rp_id = "example.com";
let rp_origin = Url::parse("https://idm.example.com")
    .expect("Invalid URL");
let mut builder = WebauthnBuilder::new(rp_id, &rp_origin)
    .expect("Invalid configuration");
let webauthn = builder.build()
    .expect("Invalid configuration");